Latest CVE Feed
-
9.8
CRITICALCVE-2021-22851
HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data.... Read more
Affected Products : oaklouds_openid- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22850
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions.... Read more
Affected Products : oaklouds_portal- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
5.4
MEDIUMCVE-2021-22849
Hyweb HyCMS-J1 backend editing function does not filter special characters. Users after log-in can inject JavaScript syntax to perform a stored XSS (Stored Cross-site scripting) attack.... Read more
Affected Products : hycms-j1- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22848
HGiga MailSherlock contains a SQL Injection. Remote attackers can inject SQL syntax and execute SQL commands in a URL parameter of email pages without privilege.... Read more
Affected Products : msr45_isherlock-antispam msr45_isherlock-user ssr45_isherlock-antispam ssr45_isherlock-user- Published: Mar. 18, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22847
Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege.... Read more
Affected Products : hycms-j1- Published: Jan. 22, 2021
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22827
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22826. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2021-22826
A CWE-20: Improper Input Validation vulnerability exists that could cause arbitrary code execution when the user visits a page containing the injected payload. This CVE is unique from CVE-2021-22827. Affected Product: EcoStruxure� Power Monitoring Expert ... Read more
Affected Products : ecostruxure_power_monitoring_expert- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.0
HIGHCVE-2021-22825
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could allow an attacker to access the system with elevated privileges when a privileged account clicks on a malicious URL that compromises the security token. ... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22824
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphica... Read more
Affected Products : interactive_graphical_scada_system_data_collector- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-22823
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA ... Read more
Affected Products : interactive_graphical_scada_system_data_collector- Published: Feb. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22822
A CWE-79 Improper Neutralization of Input During Web Page Generation (�Cross-site Scripting�) vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted mali... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
8.6
HIGHCVE-2021-22821
A CWE-918 Server-Side Request Forgery (SSRF) vulnerability exists that could cause the station web server to forward requests to unintended network targets when crafted malicious parameters are submitted to the charging station web server. Affected Produc... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22820
A CWE-614 Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain an unauthorized access over a hijacked session to the charger station web server even after the legitimate user account holder has changed his password... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Prod... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-22818
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing brute force attacks. Affected Products: EVlink City EVC1S... Read more
Affected Products : evlink_city_evc1s22p4_firmware evlink_city_evc1s7p4_firmware evlink_parking_evw2_firmware evlink_parking_evf2_firmware evlink_smart_wallbox_evb1a_firmware evlink_parking_evp2pe_firmware evlink_city_evc1s22p4 evlink_city_evc1s7p4 evlink_parking_evw2 evlink_parking_evf2 +2 more products- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22817
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All V... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-22816
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU is configured as a Modbus server. Affected Products: S... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-22815
A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Smart-UPS, Symmetra, and Galaxy 3500 with Network Managem... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22814
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-22813
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC pointing ... Read more
- Published: Jan. 28, 2022
- Modified: Nov. 21, 2024